In 2014, a European country’s government nationalized the country’s water utilities. As of January 2024, the government officially took ownership of all the assets from the 31 independent local authorities that had previously been managing and operating the country’s water supply, including 2,000+ water treatment plants and 5,000 pumping stations. Assets include programmable logic controllers (PLCs), pumps, chlorination equipment, filters, supervisory control and data acquisition (SCADA) systems, routers, switches, and generally a wide range of makes and models of equipment. The 31 local authorities had functioned independently without any unifying strategic direction and no delineation between IT and OT.

The Challenge

The newly formed national utility had a huge task ahead: bringing all water services, equipment and sites in compliance with the EU National Infrastructure Securities Directive (NISD), the EU Critical Entities Resilience Directive (CER), and the forthcoming directive NIS2. These directives require an organization to understand its assets and the risks associated with those assets and to put remediation plans in place to mitigate those risks. NIS2 extends these regulations to wastewater treatment plants.

Securing the plants from an OT and cybersecurity point of view is a large-scale endeavor that will require multiple years to complete. It is critically important that the process does not jeopardize the delivery of safe, clean drinking water to the population, so the work must be done without impacting any of the plant’s operations.

Continue reading to learn why Armis Centrix™ became key to the utility’s ongoing security strategy and to maintaining compliance with European directives.

Continue Reading